Purpose
The University of Kansas Medical Center develops and maintains appropriate mechanisms to protect the confidentiality, integrity and availability of its computerized data and information resources. Many threats against University systems originate from external sources. To control traffic from the public Internet, the University maintains a firewall at the network perimeter.
Definitions
DMZ - Demilitarized Zone, a special network zone for public servers.
The DMZ is both a logical and a physical location.
Firewall - Security device used to block unsafe network traffic.
Network - Computers and associated devices connected to the University’s
central communications line.
Perimeter - Boundary established by the firewall between the University's
network and the Internet.
Public Server - Approved server that provides services to the
general public. Examples include central web servers, domain name
servers, and the campus FTP server.
Server - Computer that provides services to multiple users or other
computers.
VPN - Virtual Private Network, an encrypted, authenticated, trusted
connection from an external site to the University network.
Principle
The firewall is configured according to the following policies:
Outbound traffic
University computers may initiate connections to the Internet. Subsequent
traffic between the University computer and the external site is
permitted through the firewall.
Inbound traffic to public servers
External computers may initiate connections to public servers in
the University’s DMZ. Subsequent traffic between external
computers and the University’s public servers is permitted.
Inbound traffic to internal computers
Workstations and internal servers are protected by the University
firewall, and are not visible from the Internet by default. Inbound
connections to internal computers are permitted only through VPN. If VPN is not
feasible (e.g., for desktop videoconferencing), the user may request a static IP address.
The request must be approved by the Security Administrator.
VPN requirements
Use of VPN software is required to:
• Connect to internal computers from an external site in support of
the University's mission of teaching, research, and public service
• Connect to external sites in support of University-related business
• Connect authorized users to Hospital Authority computers from the
University network or from an external site
Public servers
Departmental system administrators who provide public access to a
server may request that the server be moved to the DMZ. This may
require physical relocation of the server.
Request Forms
Inbound VPN Request
Outbound VPN Request
Public Server Request
Static IP Request
Related Documents
Computer Security Policy
Network Infrastructure Migration
Contact
Jim Bingham
Associate Vice Chancellor for Information Resources
Chief Information Officer
University of Kansas Medical Center
2100 West 39th
Kansas City, Kansas 66160
(913) 588-7300
Sherry Callahan
Director of Information Security
Department of Information Resources
University of Kansas Medical Center
2100 West 39th
Kansas City, Kansas 66160
(913) 588-0966
